LDAP proxy support
This change enables LDAP proxy support in HA mode. Change-Id: I24bb5c8033d202dfc56d3779c93b42a36881d95b
parent
6707739fbe
commit
331e3239b7
|
@ -0,0 +1,55 @@
|
|||
module Puppet::Parser::Functions
|
||||
newfunction(:proxy_config_parser, :type => :rvalue, :doc => <<-EOS
|
||||
This function parses text area of custom openldap proxy configs and
|
||||
text area of additional domains, returns an array with two elements,
|
||||
1st element contains all custom openldap proxy configs, 2nd element
|
||||
contains list of domains that use default (from template) proxy config.
|
||||
EOS
|
||||
) do |args|
|
||||
|
||||
# args[0]: additional LDAP domains
|
||||
# args[1]: custom openldap proxy configs
|
||||
# args[2]: default domain
|
||||
|
||||
domains_with_proxy = ['base_config']
|
||||
domains_custom_proxy_configs = {}
|
||||
slapd_custom_conf = ''
|
||||
domains_default_conf = []
|
||||
function_returns = []
|
||||
array_of_domain_configs = args[0].split(/^$/)
|
||||
array_of_slapd_configs = args[1].split(/^$/)
|
||||
domains_with_proxy = domains_with_proxy.push(args[2])
|
||||
|
||||
#find domain with proxy enabled
|
||||
array_of_domain_configs.each do |domain_config|
|
||||
if domain_config.include? "ldap_proxy=true"
|
||||
domain_item = domain_config.slice(/(domain=.*)[^\n]/)
|
||||
domain = domain_item.split(/=/)
|
||||
domains_with_proxy = domains_with_proxy.push(domain[1])
|
||||
end
|
||||
end
|
||||
|
||||
#find domains with specified custom ldap proxy configs
|
||||
array_of_slapd_configs.each do |custom_config|
|
||||
custom_config_item = custom_config.slice!(/(config_for=.*)[^\n]/)
|
||||
custom_config_domain = custom_config_item.split(/=/)
|
||||
domains_custom_proxy_configs[custom_config_domain[1]] = custom_config
|
||||
end
|
||||
|
||||
#find domains with custom/default proxy configs
|
||||
domains_with_proxy.each do |domain|
|
||||
if domains_custom_proxy_configs[domain]
|
||||
slapd_custom_conf += domains_custom_proxy_configs[domain]
|
||||
else
|
||||
domains_default_conf = domains_default_conf.push(domain)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
function_returns = function_returns.push(slapd_custom_conf)
|
||||
function_returns = function_returns.push(domains_default_conf)
|
||||
|
||||
return function_returns
|
||||
|
||||
end
|
||||
end
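Review bot: A domain block without a `domain=` line, or a custom config block without `config_for=`, makes `slice`/`slice!` return nil, so the following `.split(/=/)` raises NoMethodError and catalog compilation aborts without saying which textarea entry is malformed. The `include? "ldap_proxy=true"` test is also case-sensitive, while multiple_domain.pp accepts `/^[Tt]rue$/`; a domain entered as `ldap_proxy=True` therefore has its Keystone URL pointed at the proxy but gets no slapd fragment. I would match with `domain_config =~ /^ldap_proxy=true\s*$/i`, extract with `domain_config[/^domain=(.+)$/, 1]`, and `raise Puppet::ParseError` naming the offending block when the key is missing.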
|
|
@ -12,7 +12,7 @@ class plugin_ldap::controller {
|
|||
}
|
||||
|
||||
$identity_driver = 'keystone.identity.backends.ldap.Identity'
|
||||
$url = $::fuel_settings['ldap']['url']
|
||||
$ldap_url = $::fuel_settings['ldap']['url']
|
||||
$suffix = $::fuel_settings['ldap']['suffix']
|
||||
$user = $::fuel_settings['ldap']['user']
|
||||
$password = $::fuel_settings['ldap']['password']
|
||||
|
@ -25,6 +25,8 @@ class plugin_ldap::controller {
|
|||
$user_pass_attribute = $::fuel_settings['ldap']['user_pass_attribute']
|
||||
$user_enabled_attribute = $::fuel_settings['ldap']['user_enabled_attribute']
|
||||
$additional_domains = $::fuel_settings['ldap']['additional_domains']
|
||||
$ldap_proxy_custom_conf = $::fuel_settings['ldap']['ldap_proxy_custom_conf']
|
||||
$ldap_proxy = $::fuel_settings['ldap']['ldap_proxy']
|
||||
|
||||
$user_allow_create = false
|
||||
$user_allow_update = false
|
||||
|
@ -49,6 +51,52 @@ class plugin_ldap::controller {
|
|||
$use_tls = $::fuel_settings['ldap']['use_tls']
|
||||
$ca_chain = pick($::fuel_settings['ldap']['ca_chain'], false)
|
||||
|
||||
###############################################################################
|
||||
|
||||
#Install ldap_proxy and generate slapd.conf file
|
||||
if $ldap_proxy {
|
||||
$url = "ldap://${management_vip}"
|
||||
|
||||
$proxy_data = proxy_config_parser($additional_domains, $ldap_proxy_custom_conf, $domain)
|
||||
|
||||
class {'plugin_ldap::ldap_proxy_install':
|
||||
slapd_custom_config => $proxy_data[0],
|
||||
slapd_config_template => $proxy_data[1],
|
||||
domain_name => $domain,
|
||||
use_tls => $use_tls,
|
||||
}
|
||||
|
||||
class {'plugin_ldap::ldap_proxy_init':
|
||||
internal_virtual_ip => $management_vip,
|
||||
}
|
||||
|
||||
Class['plugin_ldap::ldap_proxy_install'] -> Plugin_ldap::Keystone<||> -> Class['plugin_ldap::ldap_proxy_init']
|
||||
Service['httpd'] -> Class['plugin_ldap::ldap_proxy_init']
|
||||
|
||||
if $use_tls {
|
||||
plugin_ldap::tls { "${domain}_tls_certificate" :
|
||||
domain_tls => $domain,
|
||||
ca_chain => $ca_chain,
|
||||
}
|
||||
}
|
||||
$tls = false
|
||||
} else {
|
||||
$url = $::fuel_settings['ldap']['url']
|
||||
$proxy_data = []
|
||||
$tls = $use_tls
|
||||
}
|
||||
|
||||
#Create domains using info from text area 'List of additional Domains'
|
||||
if $additional_domains {
|
||||
$domains_list = split($additional_domains, '^$')
|
||||
plugin_ldap::multiple_domain { $domains_list:
|
||||
identity_driver => $identity_driver,
|
||||
ldap_proxy => $ldap_proxy,
|
||||
management_vip => $management_vip,
|
||||
slapd_config_template => $proxy_data[1],
|
||||
}
|
||||
}
|
||||
|
||||
file { '/etc/keystone/domains':
|
||||
ensure => 'directory',
|
||||
owner => 'keystone',
|
||||
|
@ -60,11 +108,10 @@ class plugin_ldap::controller {
|
|||
"identity/domain_specific_drivers_enabled": value => 'True';
|
||||
}
|
||||
|
||||
plugin_ldap::keystone {$domain:
|
||||
domain => $domain,
|
||||
plugin_ldap::keystone { $domain:
|
||||
identity_driver => $identity_driver,
|
||||
url => $url,
|
||||
use_tls => $use_tls,
|
||||
use_tls => $tls,
|
||||
ca_chain => $ca_chain,
|
||||
suffix => $suffix,
|
||||
user => $user,
|
||||
|
@ -96,37 +143,33 @@ class plugin_ldap::controller {
|
|||
chase_referrals => $chase_referrals,
|
||||
}
|
||||
|
||||
Plugin_ldap::Keystone<||> ~>
|
||||
service { 'httpd':
|
||||
name => "$apache::params::service_name",
|
||||
name => $apache::params::service_name,
|
||||
ensure => running,
|
||||
}
|
||||
|
||||
#Create domains using info from text area 'List of additional Domains'
|
||||
if $additional_domains {
|
||||
$domains_list = split($additional_domains, '^$')
|
||||
plugin_ldap::multiple_domain { $domains_list:
|
||||
identity_driver => $identity_driver,
|
||||
}
|
||||
}
|
||||
|
||||
file_line { 'OPENSTACK_KEYSTONE_URL':
|
||||
path => '/etc/openstack-dashboard/local_settings.py',
|
||||
line => "OPENSTACK_KEYSTONE_URL = \"http://${management_vip}:5000/v3/\"",
|
||||
match => "^OPENSTACK_KEYSTONE_URL = .*$",
|
||||
tag => 'ldap-horizon',
|
||||
}
|
||||
|
||||
file_line { 'OPENSTACK_API_VERSIONS':
|
||||
path => '/etc/openstack-dashboard/local_settings.py',
|
||||
line => "OPENSTACK_API_VERSIONS = { \"identity\": 3 }",
|
||||
match => "^# OPENSTACK_API_VERSIONS = {.*$",
|
||||
tag => 'ldap-horizon',
|
||||
}
|
||||
|
||||
file_line { 'OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT':
|
||||
path => '/etc/openstack-dashboard/local_settings.py',
|
||||
line => "OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True",
|
||||
match => "^# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = .*$",
|
||||
tag => 'ldap-horizon',
|
||||
}
|
||||
|
||||
File_line<||> ~> Service ['httpd']
|
||||
File_line<| tag == 'ldap-horizon'|> ~> Service['httpd']
|
||||
Keystone_config <||> ~> Service['httpd']
|
||||
Plugin_ldap::Tls<||> ~> Service['httpd']
|
||||
}
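Review bot: With `$ldap_proxy` set, the new branch gives Keystone `$url = "ldap://${management_vip}"` and `$tls = false`, so every simple bind, user passwords included, crosses the management network unencrypted between Keystone and the HAProxy/slapd listener on port 389. `use_tls` then protects only the hop from slapd to the upstream directory. If that trade-off is accepted, state it where `$tls = false` is set, e.g. `# Keystone -> proxy hop is plain LDAP on the management VIP; TLS applies only from slapd to the upstream directory`, and mention it in the `use_tls` setting description. The class body starts outside these hunks.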
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
define plugin_ldap::keystone (
|
||||
$domain = undef,
|
||||
$domain = $name,
|
||||
$identity_driver = undef,
|
||||
$url = undef,
|
||||
$use_tls = undef,
|
||||
|
@ -35,33 +35,24 @@ define plugin_ldap::keystone (
|
|||
){
|
||||
|
||||
if $use_tls {
|
||||
$cacertfile = "/usr/local/share/ca-certificates/cacert-ldap-${domain}.crt"
|
||||
|
||||
plugin_ldap::tls { "${domain}_tls_certificate" :
|
||||
domain_tls => $domain,
|
||||
ca_chain => $ca_chain,
|
||||
}
|
||||
if $ca_chain {
|
||||
$tls_cacertdir = '/etc/ssl/certs'
|
||||
}
|
||||
else {
|
||||
$tls_cacertdir = ''
|
||||
}
|
||||
|
||||
if $ca_chain {
|
||||
file { $cacertfile:
|
||||
ensure => file,
|
||||
mode => 0644,
|
||||
content => $ca_chain,
|
||||
}
|
||||
~>
|
||||
exec { "$domain" :
|
||||
command => '/usr/sbin/update-ca-certificates'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
file { "/etc/keystone/domains/keystone.${domain}.conf":
|
||||
ensure => 'file',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '644',
|
||||
mode => '0644',
|
||||
require => File['/etc/keystone/domains'],
|
||||
}
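Review bot: The per-domain file `/etc/keystone/domains/keystone.${domain}.conf` keeps `owner => 'root'`, `group => 'root'` and `mode => '0644'`, although callers pass `password` into this define and the file presumably ends up holding the LDAP bind password (the part that writes the settings is outside the hunk). If so, the secret is readable by every local user. Consider `group => 'keystone'` with `mode => '0640'` on this resource.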
|
||||
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
class plugin_ldap::ldap_proxy_init (
|
||||
$internal_virtual_ip = undef,
|
||||
$slapd_defaults_match = '^SLAPD_SERVICES=',
|
||||
$slapd_defaults_path = '/etc/default/slapd',
|
||||
$bin_paths = '/usr/sbin/:/usr/local/bin/:/bin/:/usr/bin',
|
||||
$slaptest_run = 'slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d',
|
||||
$slapd_rsyslog = '/etc/rsyslog.d/slapd.conf',
|
||||
) {
|
||||
|
||||
$network_metadata = hiera_hash('network_metadata', {})
|
||||
$controller_hash = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']), 'management')
|
||||
$controller_nodes = keys($controller_hash)
|
||||
$controller_ip = values($controller_hash)
|
||||
$network_scheme = hiera_hash('network_scheme', {})
|
||||
prepare_network_config($network_scheme)
|
||||
$local_address = get_network_role_property('management', 'ipaddr')
|
||||
$cidr = hiera('management_network_range')
|
||||
$slapd_defaults_services = "SLAPD_SERVICES=\"ldap://${local_address}\""
|
||||
|
||||
file_line { 'slapd_defaults':
|
||||
ensure => present,
|
||||
path => $slapd_defaults_path,
|
||||
line => $slapd_defaults_services,
|
||||
replace => true,
|
||||
match => $slapd_defaults_match,
|
||||
} ->
|
||||
|
||||
exec { 'run_slaptest':
|
||||
command => $slaptest_run,
|
||||
path => $bin_paths,
|
||||
user => 'openldap',
|
||||
group => 'openldap',
|
||||
notify => Service['slapd'],
|
||||
} ->
|
||||
|
||||
service { 'slapd':
|
||||
ensure => 'running',
|
||||
enable => true,
|
||||
}
|
||||
|
||||
service { 'rsyslog':
|
||||
ensure => 'running',
|
||||
enable => true,
|
||||
}
|
||||
|
||||
file { $slapd_rsyslog:
|
||||
ensure => present,
|
||||
content => template('plugin_ldap/slapd_rsyslog.erb'),
|
||||
notify => Service['rsyslog'],
|
||||
}
|
||||
|
||||
firewall { '255 allow ldap-proxy':
|
||||
source => $cidr,
|
||||
destination => $baremetal_ipaddr,
|
||||
proto => 'tcp',
|
||||
dport => '389',
|
||||
state => ['NEW', 'RELATED', 'ESTABLISHED'],
|
||||
action => 'accept',
|
||||
} ->
|
||||
|
||||
openstack::ha::haproxy_service { 'slapd':
|
||||
internal_virtual_ip => $internal_virtual_ip,
|
||||
ipaddresses => $controller_ip,
|
||||
server_names => $controller_nodes,
|
||||
haproxy_config_options => {
|
||||
mode => 'tcp',
|
||||
stats => 'enable',
|
||||
option => ['ldap-check',]
|
||||
},
|
||||
balancermember_options => 'maxconn 10000 check',
|
||||
order => '180',
|
||||
listen_port => '389',
|
||||
} ~> Service<| title == 'haproxy' |>
|
||||
|
||||
}
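Review bot: `destination => $baremetal_ipaddr` in the `255 allow ldap-proxy` rule uses a variable that is not assigned anywhere in this class, so unless it is a fact or top-scope variable it evaluates to undef and the rule is not limited to the slapd listen address. `$local_address`, computed above and already used for `SLAPD_SERVICES`, looks like the intended value: `destination => $local_address,`. Separately, `exec { 'run_slaptest': }` has no `refreshonly` or `creates` guard, so it regenerates slapd.d and restarts slapd through `notify` on every agent run.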
|
|
@ -0,0 +1,66 @@
|
|||
class plugin_ldap::ldap_proxy_install (
|
||||
$domain_name,
|
||||
$slapd_custom_config = undef,
|
||||
$slapd_config_template = undef,
|
||||
$use_tls = false,
|
||||
$base_config_label = 'base_config',
|
||||
$slapd_dir = '/etc/ldap/slapd.d/*',
|
||||
$slapd_config = '/etc/ldap/slapd.conf',
|
||||
) {
|
||||
|
||||
package { 'ldap-utils':
|
||||
ensure => 'installed',
|
||||
} ->
|
||||
|
||||
file { '/etc/init/slapd.conf':
|
||||
ensure => present,
|
||||
content => template('plugin_ldap/slapd_upstart.erb'),
|
||||
} ->
|
||||
|
||||
package { 'slapd':
|
||||
ensure => 'installed',
|
||||
} ->
|
||||
|
||||
exec { 'clean_slapd_d':
|
||||
command => "/bin/rm -rf ${slapd_dir}",
|
||||
} ->
|
||||
|
||||
concat { "${slapd_config}" :
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
}
|
||||
|
||||
if $base_config_label in $slapd_config_template {
|
||||
concat::fragment { "base_fragment" :
|
||||
target => $slapd_config,
|
||||
content => template('plugin_ldap/slapd_base.erb'),
|
||||
order => '10',
|
||||
}
|
||||
}
|
||||
|
||||
if $domain_name in $slapd_config_template {
|
||||
if ! $use_tls {
|
||||
concat::fragment { "${domain_name}_fragment" :
|
||||
target => $slapd_config,
|
||||
content => template('plugin_ldap/slapd_conf.erb'),
|
||||
order => '20',
|
||||
}
|
||||
}
|
||||
else {
|
||||
concat::fragment { "${domain_name}_tls_fragment" :
|
||||
target => $slapd_config,
|
||||
content => template('plugin_ldap/slapd_tls_conf.erb'),
|
||||
order => '20',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if $slapd_custom_config {
|
||||
concat::fragment { 'ldap_proxy_init' :
|
||||
target => $slapd_config,
|
||||
content => $slapd_custom_config,
|
||||
order => '30',
|
||||
}
|
||||
}
|
||||
}
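Review bot: `concat { "${slapd_config}" }` creates /etc/ldap/slapd.conf as root:root with `mode => '0644'`, yet the fragments rendered into it (slapd_conf.erb, slapd_tls_conf.erb) contain `credentials="<%= @password %>"`, so the LDAP bind password is readable by every local user. Since slaptest runs as `openldap` in ldap_proxy_init, `group => 'openldap'` with `mode => '0640'` should be sufficient. Also, `command => "/bin/rm -rf ${slapd_dir}"` is executed without a shell by the default exec provider, so the `*` in `/etc/ldap/slapd.d/*` is most likely not expanded. `provider => shell`, or a `file` resource with `purge => true`, would make the cleanup effective.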
|
|
@ -1,19 +1,66 @@
|
|||
define plugin_ldap::multiple_domain (
|
||||
$domain_info = $title,
|
||||
$identity_driver = undef
|
||||
$domain_info = $title,
|
||||
$identity_driver = undef,
|
||||
$ldap_proxy = undef,
|
||||
$management_vip = undef,
|
||||
$slapd_config_template = undef,
|
||||
$slapd_conf = '/etc/ldap/slapd.conf',
|
||||
){
|
||||
|
||||
$domain_params_hash = parse_it($domain_info)
|
||||
|
||||
$domain = $domain_params_hash['domain']
|
||||
$suffix = $domain_params_hash['suffix']
|
||||
$user_tree_dn = $domain_params_hash['user_tree_dn']
|
||||
$user = $domain_params_hash['user']
|
||||
$password = $domain_params_hash['password']
|
||||
$ldap_url = $domain_params_hash['url']
|
||||
$use_tls = $domain_params_hash['use_tls']
|
||||
$ldap_proxy_multidomain = $domain_params_hash['ldap_proxy']
|
||||
$ca_chain = $domain_params_hash['ca_chain']
|
||||
|
||||
if $ldap_proxy_multidomain =~ /^[Tt]rue$/ {
|
||||
$url = "ldap://${management_vip}"
|
||||
|
||||
if $domain in $slapd_config_template {
|
||||
if $use_tls =~ /^[Ff]alse$/ {
|
||||
|
||||
concat::fragment { "${domain}_fragment" :
|
||||
target => $slapd_conf,
|
||||
content => template('plugin_ldap/slapd_conf.erb'),
|
||||
}
|
||||
}
|
||||
elsif $use_tls =~ /^[Tt]rue$/ {
|
||||
|
||||
concat::fragment { "${domain}_tls_fragment" :
|
||||
target => $slapd_conf,
|
||||
content => template('plugin_ldap/slapd_tls_conf.erb'),
|
||||
}
|
||||
|
||||
plugin_ldap::tls { "${domain}_tls_certificate" :
|
||||
domain_tls => $domain,
|
||||
ca_chain => $ca_chain,
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
$tls = false
|
||||
} else {
|
||||
$url = $domain_params_hash['url']
|
||||
$tls = $use_tls ? { /^[Tt]rue$/ => true, default => false }
|
||||
}
|
||||
|
||||
plugin_ldap::keystone { "$domain_params_hash['domain']" :
|
||||
domain => $domain_params_hash['domain'],
|
||||
domain => $domain,
|
||||
identity_driver => $identity_driver,
|
||||
url => $domain_params_hash['url'],
|
||||
use_tls => $domain_params_hash['use_tls'],
|
||||
ca_chain => $domain_params_hash['ca_chain'],
|
||||
suffix => $domain_params_hash['suffix'],
|
||||
user => $domain_params_hash['user'],
|
||||
password => $domain_params_hash['password'],
|
||||
url => $url,
|
||||
use_tls => $tls,
|
||||
ca_chain => $ca_chain,
|
||||
suffix => $suffix,
|
||||
user => $user,
|
||||
password => $password,
|
||||
query_scope => $domain_params_hash['query_scope'],
|
||||
user_tree_dn => $domain_params_hash['user_tree_dn'],
|
||||
user_tree_dn => $user_tree_dn,
|
||||
user_filter => $domain_params_hash['user_filter'],
|
||||
user_objectclass => $domain_params_hash['user_objectclass'],
|
||||
user_id_attribute => $domain_params_hash['user_id_attribute'],
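Review bot: When `ldap_proxy` is true and the domain uses the default template, a `use_tls` value that is neither `True` nor `False` (missing key, trailing whitespace, `yes`) matches neither the `if` nor the `elsif`, so no slapd fragment is declared while `$url` already points Keystone at the proxy. An explicit `else { fail("use_tls for domain ${domain} must be true or false") }` would turn this into a compile-time error rather than a domain that silently cannot authenticate. The `plugin_ldap::keystone` resource body continues past the end of this hunk.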
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
define plugin_ldap::tls (
|
||||
$domain_tls,
|
||||
$ca_chain,
|
||||
){
|
||||
|
||||
$cacertfile = "/usr/local/share/ca-certificates/cacert-ldap-${domain_tls}.crt"
|
||||
|
||||
file { $cacertfile:
|
||||
ensure => file,
|
||||
mode => 0644,
|
||||
content => $ca_chain,
|
||||
}
|
||||
~>
|
||||
exec { "$domain_tls" :
|
||||
command => '/usr/sbin/update-ca-certificates'
|
||||
}
|
||||
|
||||
}
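Review bot: The code removed from keystone.pp appears to have wrapped this `file`/`exec` pair in `if $ca_chain { … }`, but the new define has no such guard, while controller.pp sets `$ca_chain = pick(…, false)` and declares `plugin_ldap::tls` whenever `$use_tls` is true. With TLS enabled and no CA chain supplied, `content => $ca_chain` then writes a file with no valid PEM under /usr/local/share/ca-certificates. I would keep the guard inside the define (`if $ca_chain {` … `}`), quote the mode as `'0644'`, and add `refreshonly => true` to the exec so update-ca-certificates runs only when the certificate file changes.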
|
|
@ -0,0 +1,12 @@
|
|||
include /etc/ldap/schema/core.schema
|
||||
include /etc/ldap/schema/cosine.schema
|
||||
include /etc/ldap/schema/inetorgperson.schema
|
||||
include /etc/ldap/schema/nis.schema
|
||||
|
||||
modulepath /usr/lib/ldap
|
||||
moduleload back_ldap
|
||||
|
||||
pidfile /var/run/slapd/slapd.pid
|
||||
argsfile /var/run/slapd/slapd.args
|
||||
|
||||
loglevel 0
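Review bot: `loglevel 0` turns slapd logging off, so the `/var/log/ldap_proxy.log` rule added in slapd_rsyslog.erb will receive essentially nothing and binds going through the proxy leave no audit trail. For an authentication proxy `loglevel stats` is the usual minimum; it records connections, binds and search operations without dumping packet contents.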
|
|
@ -0,0 +1,14 @@
|
|||
|
||||
################################################
|
||||
##template config
|
||||
database ldap
|
||||
suffix "<%= @suffix %>"
|
||||
readonly yes
|
||||
protocol-version 3
|
||||
uri "<%= @ldap_url %>"
|
||||
rootdn "<%= @user_tree_dn %>"
|
||||
idassert-bind bindmethod=simple
|
||||
binddn="<%= @user %>"
|
||||
credentials="<%= @password %>"
|
||||
mode=none
|
||||
idassert-authzFrom "*"
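Review bot: `idassert-authzFrom "*"` authorizes every local identity the wildcard matches, possibly including unauthenticated connections, to have its operations carried out under the `binddn`/`credentials` configured in `idassert-bind`. Reachability of port 389 on the management network then becomes the only access control for the service account's view of the directory. Restrict it to the identity Keystone binds as, for example `idassert-authzFrom "dn.exact:<%= @user %>"`, or add a comment explaining why the wildcard is required. The values are also interpolated into double-quoted directives unescaped, so a password containing `"` yields an invalid slapd.conf. slapd_tls_conf.erb carries the same lines.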
|
|
@ -0,0 +1,3 @@
|
|||
#slapd logs
|
||||
if $programname startswith 'slapd' then /var/log/ldap_proxy.log
|
||||
&~
|
|
@ -0,0 +1,18 @@
|
|||
|
||||
################################################
|
||||
#template config
|
||||
database ldap
|
||||
suffix "<%= @suffix %>"
|
||||
readonly yes
|
||||
protocol-version 3
|
||||
uri "<%= @ldap_url %>"
|
||||
rootdn "<%= @user_tree_dn %>"
|
||||
tls start
|
||||
idassert-bind bindmethod=simple
|
||||
binddn="<%= @user %>"
|
||||
credentials="<%= @password %>"
|
||||
mode=self
|
||||
tls_reqcert=demand
|
||||
starttls="yes"
|
||||
tls_cacert=/etc/ssl/certs/
|
||||
idassert-authzFrom "*"
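Review bot: `tls_cacert=/etc/ssl/certs/` passes a directory to an option that expects a CA bundle file; for a hashed directory the idassert-bind keyword is `tls_cacertdir=/etc/ssl/certs`. With `tls_reqcert=demand`, the wrong keyword will most likely make certificate verification of the upstream server fail. In addition, `starttls="yes"` lets the identity-assertion bind proceed when the StartTLS request fails, which would send `credentials` in cleartext; `starttls=critical` aborts the session instead.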
|
|
@ -0,0 +1,38 @@
|
|||
description "OpenLDAP standalone server"
|
||||
|
||||
start on runlevel [23]
|
||||
stop on shutdown
|
||||
|
||||
respawn
|
||||
|
||||
kill signal SIGINT
|
||||
kill timeout 60
|
||||
|
||||
limit nofile 100000 100000
|
||||
|
||||
pre-start script
|
||||
. /etc/default/slapd
|
||||
|
||||
if [ -n "$SLAPD_NO_START" ]; then
|
||||
echo 'Not starting slapd: SLAPD_NO_START set in /etc/default/slapd'
|
||||
stop
|
||||
fi
|
||||
if [ -n "$SLAPD_SENTINEL_FILE" ] && [ -e "$SLAPD_SENTINEL_FILE" ]; then
|
||||
echo "Not starting slapd: $SLAPD_SENTINEL_FILE exists"
|
||||
stop
|
||||
fi
|
||||
|
||||
mkdir -p /var/run/slapd
|
||||
chown openldap:openldap /var/run/slapd
|
||||
end script
|
||||
|
||||
script
|
||||
. /etc/default/slapd
|
||||
|
||||
/usr/sbin/slapd -h "${SLAPD_SERVICES}" -u "${SLAPD_USER}" -g "${SLAPD_GROUP}" -F /etc/ldap/slapd.d -d 0
|
||||
end script
|
||||
|
||||
post-stop script
|
||||
rm -rf /var/run/slapd
|
||||
end script
|
||||
|
|
@ -17,15 +17,21 @@ attributes:
|
|||
regex:
|
||||
source: '^ldap[si]?:\/\/([a-zA-Z0-9._-]+)(:[0-9]+)?$'
|
||||
error: "LDAP URL is not valid. Should be e.g. 'ldap://example.com'."
|
||||
ldap_proxy:
|
||||
value: false
|
||||
label: "LDAP proxy"
|
||||
description: "Enable LDAP proxy."
|
||||
weight: 26
|
||||
type: "checkbox"
|
||||
use_tls:
|
||||
value: false
|
||||
label: "Use TLS"
|
||||
description: "Enable TLS for communicating with the LDAP server."
|
||||
weight: 26
|
||||
weight: 27
|
||||
type: "checkbox"
|
||||
ca_chain:
|
||||
type: "textarea"
|
||||
weight: 27
|
||||
weight: 28
|
||||
value: ''
|
||||
label: "CA Chain"
|
||||
description: "CA trust chain in PEM format."
|
||||
|
@ -39,7 +45,7 @@ attributes:
|
|||
value: 'cn=example,cn=com'
|
||||
label: 'LDAP Suffix'
|
||||
description: 'LDAP server suffix.'
|
||||
weight: 26
|
||||
weight: 29
|
||||
type: "text"
|
||||
user:
|
||||
value: 'cn=admin,dc=local'
|
||||
|
@ -176,4 +182,10 @@ attributes:
|
|||
weight: 120
|
||||
value: ''
|
||||
label: "List of additional Domains"
|
||||
description: "Blocks of additional domains/parameters that should be created"
|
||||
description: "Blocks of additional domains/parameters that should be created."
|
||||
ldap_proxy_custom_conf:
|
||||
type: "textarea"
|
||||
weight: 125
|
||||
value: ''
|
||||
label: "List of custom LDAP proxy configs"
|
||||
description: "List of custom LDAP proxy configs."
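Review bot: The `ldap_proxy_custom_conf` textarea has no `regex` check, and its description does not state the expected format. proxy_config_parser requires each blank-line-separated block to contain a `config_for=<domain>` line, and the rest of the block is written verbatim into slapd.conf. I would extend the description, e.g. `description: "Blank-line-separated slapd database blocks, each containing config_for=<domain>; the text is copied into slapd.conf as is."`, so operators know both the format and that the content is not validated.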
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
name: ldap
|
||||
title: LDAP plugin for Keystone
|
||||
version: '2.0.0'
|
||||
version: '3.0.0'
|
||||
description: Enable to use LDAP authentication backend for Keystone
|
||||
fuel_version: ['8.0']
|
||||
fuel_version: ['9.0']
|
||||
licenses: ['Apache License Version 2.0']
|
||||
authors: ['Mirantis']
|
||||
homepage: 'https://github.com/stackforge/fuel-plugin-ldap'
|
||||
groups: ['network']
|
||||
releases:
|
||||
- os: ubuntu
|
||||
version: liberty-8.0
|
||||
version: mitaka-9.0
|
||||
mode: ['ha']
|
||||
deployment_scripts_path: deployment_scripts/
|
||||
repository_path: repositories/ubuntu
|
||||
|
|